+
+ // read private key (mandatory)
+ DB::Row privKeyRow;
+ retCode = readDataHelper(true, cred, DataType::DB_KEY_FIRST, name, label, keyPassword, privKeyRow);
+ if(retCode != CKM_API_SUCCESS)
+ return retCode;
+ privKey = CKM::Key::create(privKeyRow.data);
+
+ // read certificate (mandatory)
+ DB::Row certRow;
+ retCode = readDataHelper(true, cred, DataType::CERTIFICATE, name, label, certPassword, certRow);
+ if(retCode != CKM_API_SUCCESS)
+ return retCode;
+ cert = CKM::Certificate::create(certRow.data, DataFormat::FORM_DER);
+
+ // read CA cert chain (optional)
+ DB::RowVector rawCaChain;
+ retCode = readDataHelper(true, cred, DataType::DB_CHAIN_FIRST, name, label, certPassword, rawCaChain);
+ if(retCode != CKM_API_SUCCESS &&
+ retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN)
+ return retCode;
+ for(auto &rawCaCert : rawCaChain)
+ caChain.push_back(CKM::Certificate::create(rawCaCert.data, DataFormat::FORM_DER));
+
+ // if anything found, return it
+ if(privKey || cert || caChain.size()>0)
+ retCode = CKM_API_SUCCESS;
+
+ return retCode;
+}
+
+RawBuffer CKMLogic::getPKCS12(
+ const Credentials &cred,
+ int commandId,
+ const Name &name,
+ const Label &label,
+ const Password &keyPassword,
+ const Password &certPassword)
+{
+ int retCode = CKM_API_ERROR_UNKNOWN;
+
+ PKCS12Serializable output;
+ try {
+ KeyShPtr privKey;
+ CertificateShPtr cert;
+ CertificateShPtrVector caChain;
+ retCode = getPKCS12Helper(cred, name, label, keyPassword, certPassword, privKey, cert, caChain);
+
+ // prepare response
+ if(retCode == CKM_API_SUCCESS)
+ output = PKCS12Serializable(privKey, cert, caChain);
+ } catch (const DB::Crypto::Exception::Base &e) {
+ LogError("DB::Crypto failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ }
+
+ auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
+ commandId,
+ retCode,
+ output);
+ return response.Pop();
+}
+
+int CKMLogic::getDataListHelper(const Credentials &cred,
+ const DataType dataType,
+ LabelNameVector &labelNameVector)
+{
+ int retCode = CKM_API_ERROR_DB_LOCKED;
+ if (0 < m_userDataMap.count(cred.clientUid))